NSLU2-Linux
view · edit · print · history

Unslung (or maybe Linksys originally) setup the network to run in promiscuous mode. According to Tiersten on IRC this is due to /usr/sbin/download. If you are as uncomfortable with the possibility of having a sniffer on your network as I am you can disable promiscuous mode:

/var/log/messages before:

Nov 4 00:42:42 klogd: ixp425_eth: ixp0: Entering promiscuous mode
Nov 4 00:42:42 klogd: device ixp0 entered promiscuous mode

Disable promiscuous mode:

# ifconfig ixp0 -promisc

/var/log/messages after:

Nov 5 02:42:42 klogd: ixp425_eth: ixp0: Leaving promiscuous mode
Nov 5 02:42:42 klogd: device ixp0 left promiscuous mode

Note: I killed the /usr/sbin/download process. If you run download again it will set the network back to promiscuous mode.

Important: If you kill /usr/sbin/download then the Sercomm upgrade utility will not work unless you restart it. If you've permanently disabled /usr/sbin/download and can't reenable it then the only way to upgrade with newer Unslung versions is to telnet into RedBoot.

---NOTE: Promiscuous mode is not a security 'weakness'. It just means that the network adapter will not discard packets destined for a different MAC address. Normally these packets will be rejected at the hardware level because the OS shouldn't really care about them if it's not operating as a router. All this modification does is force the discarding of non-local destined packets down to the hardware to manage instead of letting them get into the OS.

view · edit · print · history · Last edited by Avend.
Based on work by tman.
Originally by alexr.
Page last modified on April 16, 2008, at 01:46 AM